Chief Underwriting Officer
Cyber-attacks regularly top the list of the biggest threats facing business, with 85% of organisations saying they are worried about being hit this year .
With cyber criminals becoming more sophisticated and organised all the time, attacks are more frequent, damaging and unpredictable than ever. Meanwhile, new technologies such as mobile devices, the cloud and the Internet of Things are giving attackers even more access to your precious systems and data.
Cyber-attacks and data breaches are often clumped together, when in fact there are many different culprits, designed to access and attack your systems in different ways. What's more, they are constantly morphing and evolving, so businesses must remain constantly vigilant.
We're all familiar with the intimidating cyber-attack terminology, whether its ransomware, phishing, bots or worms. But how many of us actually know what this stuff is, and how it works?
So, in the spirit of 'knowing your enemy', here's a rundown of the biggest cyber culprits in 2016.
Phishing, Spear-phishing and whaling
One of the most popular types of cyber-attack, phishing involves the attacker sending out emails to multiple recipients, posing as a reputable company. The email will either contain malware in a link or attachment, or will prompt the recipient to enter sensitive account or password details, enabling attackers to hack into their PC or accounts. While many of these emails may look and seem suspicious, some are surprisingly convincing, and sent on mass, somebody is always caught unawares eventually.
Varieties on phishing include spear-phishing, whereby attackers target a particular company or individual, and whaling, where senior executives are specifically targeted - potentially hugely damaging if successful.
As the name suggests, ransomware infects your computer and holds your data to ransom, demanding significant sums for its release. It's a growing threat to SMEs, with a report from Kaspersky Lab revealing a spike in attacks in the first quarter of 2016.
The ransomware usually accesses your computer through a phishing email sent to unsuspecting employees, although new tactics have seen ransomware hijack adverts on popular news sites, with the New York Times, BBC and AOL hit earlier this year.
One click on an infected link or attachment and it's in your system, almost impossible to get rid of it without paying up.
A type of malware, worms have been around for a many years, with the first one famously created in 1988 as an innocent way of testing computer networks. They have since been used to devastating effect, penetrating vulnerable computers, before replicating and spreading within a network. One of the most famous worm attacks was on MySpace in 2005, which spread to over one million computers in 20 hours.
Worms are often used to steal confidential information or turn computers into remote-controlled 'zombies' or 'bots', which are then used to attack more systems. It's estimated that at any one time there are several million 'zombie' computers on the internet.
New types of worms are emerging all the time, including 'headless worms', which target so-called 'headless' devices like smartphones, smart watches and medical hardware. Something to watch out for in the future!
A growing threat due to the rise in connected devices and the Internet of Things, these work by seeking out vulnerabilities in a device via a malicious website or app. With more and more smartphones and tablets used for professional purposes, this is a potential 'back door' route to accessing valuable data and systems deeper in the system. With more and more devices becoming connected, whole networks could be affected this way in the future.
As scary as it sounds, ghostware is a type of malware designed to penetrate networks without detection, steal confidential data, then cover its tracks before it leaves. That means you may not realise your business has been compromised until it's too late, and it's impossible to find the source of the breach.
Similar to ghostware, this time the malware completes its task and then destroys the system it has infected. It can potentially be much more damaging for this reason, however you will at least know that your system has been compromised.
The type of attack that recently took down Pokemon GO, DDoS (Denial of Service) attacks are on the rise, with Arbor Networks detecting 73 percent more this year compared to 2015. They work by flooding a company's servers with requests, so they are unable to cope and shut down. That leaves the business unable to trade for minutes, hours or even days, with potentially catastrophic long-term impacts.
Again, the clue's in the name, this type of malware is like a Trojan Horse which enters your system under the guise of a legitimate piece of software. Once there, it can perform a number of functions, including deleting, modifying or stealing data. Unlike worms and viruses they cannot replicate themselves, however they can be just as damaging.
Last but not least, one of the biggest threats is much closer to home – your own people. A recent report by Verizon found that 16 per cent of all data breaches actually originate from insider and privilege misuse, where somebody with access to the system steals data, or becomes an inside hacker. The majority of these attacks (34%) are motivated by financial gain, although a quarter (25%) are linked to espionage and the theft of intellectual property.
It is impossible to list all the variations of cyber-attack and malware as there are hundreds, and new ones being developed all the time! But this list provides a snapshot of some of the biggest threats facing businesses right now, and the importance of taking preventative action to protect your business from an attack. For further details on how you can stay safe, read our guide to cyber security here